DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-1721: CVE-2026-1721: When JSON.stringify() Betrays You in Cloudflare Agents

#security #cve #cybersecurity

CVE-2026-1721: When JSON.stringify() Betrays You in Cloudflare Agents

Vulnerability ID: CVE-2026-1721
CVSS Score: 6.2
Published: 2026-02-13

A classic Reflected Cross-Site Scripting (XSS) vulnerability found in the Cloudflare Agents AI Playground. The flaw stems from a misunderstanding of how browsers parse script tags within inline HTML, allowing attackers to break out of a JSON string context and execute arbitrary JavaScript. This exposes sensitive LLM chat history and connected Model Context Protocol (MCP) servers to unauthorized access.

TL;DR

Reflected XSS in Cloudflare Agents AI Playground (< 0.3.10) via OAuth callbacks. Developers used JSON.stringify inside a <script> block, assuming it was safe. It wasn't. Attackers can inject </script> to break out and steal chat logs or hijack MCP sessions.

⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Reflected Cross-Site Scripting (XSS)
  • CWE ID: CWE-79
  • CVSS Score: 6.2 (Medium)
  • Attack Vector: Network (Reflected)
  • Exploit Status: PoC Available
  • Impact: Session Hijacking, Data Exfiltration

Affected Systems

  • Cloudflare Agents AI Playground
  • Applications using agents package < 0.3.10
  • Custom OAuth callback implementations based on the vulnerable example
  • Cloudflare Agents: < 0.3.10 (Fixed in: 0.3.10)

Code Analysis

Commit: 3f490d0

Fix XSS in OAuth callback handler by removing error reflection

- const safeError = JSON.stringify(result.authError);
- return new Response(`<script>alert(${safeError})</script>`)
+ return new Response(`<script>window.close()</script>`)
Enter fullscreen mode Exit fullscreen mode

Mitigation Strategies

  • Avoid inline scripts reflecting user input.
  • Use 'serialize-javascript' instead of 'JSON.stringify' for HTML contexts.
  • Implement Content Security Policy (CSP) to block inline scripts.

Remediation Steps:

  1. Upgrade the agents npm package to version 0.3.10 or later.
  2. Audit any custom OAuth callback handlers for JSON.stringify usage inside Response bodies.
  3. Verify that error and error_description parameters are never rendered raw.

References

Read the full report for CVE-2026-1721 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)